Prep for CEH soon

I received the courseware material for the CEH course. It was a heavy box. Came with a ECCI backpack, T-Shirt that says "Got Penetrated", and 5 thick books!! Can't wait to take this course!!

Find more posts tagged with

Comments

dynamik

So are you back on the cert bandwagon since you passed up that other job offer? It sounded like you were going to take a break if you went with that other job.

This cert looks like a blast. How much was the official courseware? I heard it's kind of pricey.

On a side note, I believe that "Got Penetrated" shirt is going to be widely misinterpreted

famosbrown

Well...after fighting I received it free since it was promised to me when it was first released and offered at New Horizons. It is more expensive now, so they were fighting and trying to get me to choose another class that I would get for free. I'm not sure what the actual price is right now...I'll post back after going to their site. Now that I think about it, I think the shirt say "Got Penetrated Yet?" It then has something like become ECCI certified ethical hacker something on the front or maybe the back. I will check it out when I get home.

Yeah...I can pass on free training and after thinking about how much knowledge and time I would be wasting managing a help desk, I think I am back on the certification bandwagon...having more fun this way

mengo17

famosbrown wrote:

I received the courseware material for the CEH course. It was a heavy box. Came with a ECCI backpack, T-Shirt that says "Got Penetrated", and 5 thick books!! Can't wait to take this course!!

T-Shirt that says "Got Penetrated" ?

I wouldn't wear that shirt

JDMurray

dynamik wrote:

On a side note, I believe that "Got Penetrated" shirt is going to be widely misinterpreted

And "Got Penetration?" wouldn't be much better.

famosbrown

LOL!!

Okay, the front of the T-Shirt says "GOT PENETRATED?"

The back of the shirt says "GET CERTIFIED!" and then below that it's the C|EH symbol with Certified Ethical Hacker and www.eccouncil.org.

According the Course Catalog on New Horizons site, the course is 2600 dollars.

JDMurray

famosbrown wrote:

According the Course Catalog on New Horizons site, the course is 2600 dollars.

Hmmm...2600. I can't think of a better amount to charge for a hacking course.

famosbrown

JDMurray wrote:

famosbrown wrote:

According the Course Catalog on New Horizons site, the course is 2600 dollars.

Hmmm...2600. I can't think of a better amount to charge for a hacking course.

LOL...I've never heard of that one. That's a good correlation

famosbrown

Outline of the course is below.

http://www.eccouncil.org/EC-Council%20Education/ceh-course-outline.htm

I asked my instructor if we would get through all of this in 5 evenings and one weekend day, and he said that we would. The entire volume is about 2300 pages. Has anyone else taken the course yet? Did you get thorugh all of the material including the Lab Manual in a week? Maybe Keatron can shed some light on it...I think he teaches the course sometime!

dtlokee

We dropped the CEH from our course catalog because it was too much information and most students were dissasitified with the amount of material and the short timeframe set forth by the class. It really needs to be much longer to be productive.

JDMurray

It looks like a lot of information to cover for even and entire college semester. Very intimidating.

keatron

famosbrown wrote:

Outline of the course is below.

http://www.eccouncil.org/EC-Council%20Education/ceh-course-outline.htm

I asked my instructor if we would get through all of this in 5 evenings and one weekend day, and he said that we would. The entire volume is about 2300 pages. Has anyone else taken the course yet? Did you get thorugh all of the material including the Lab Manual in a week? Maybe Keatron can shed some light on it...I think he teaches the course sometime!

The trick with teaching CEH is understanding how it's put together. For example, just the module on scanning alone has about 20 different tools for scanning. Same for Recon, and other modules. What you have to do is introduce the students to the most popular ones (Nmap for the sake of scanning). Out of those 20 tools, they can really all be broken down into groups of 5 types of scanning tools, which is basically based on how they scan, and how they make determinations about the target network. So you don't need to cover all 20, just cover 1 from each group, and suddenly you only have to cover 5 tools instead of 20. Then let the students know that all the other tools work similar to one of the 5 you covered. They can explore the others any time they feel like it. Some of the modules I barely touch at all. For example, social engineering; For the most part I highlight some of the key weakness in us humans and how they are exploited, but giving real world examples from "the trenches". Anybody who's at a technical level to take the CEH class shouldn't need to have social engineering definitions read to them for the 200th time. "Yes Keatron, we know what phishing is". If a students chooses to go back and read all 2300 pages of the books AFTER the course is over, then power to em. A lot of the pages in those books are meant to be strictly for reference purposes as you grow as a security/pen tester. For example, the 70+ pages on law......nobody expects a student to memorize and learn that in a few days. I've seen some instructors fail miserably with this class simply because they attempt the "read to the students out of the book" approach. With 2300 pages to cover, it'll never work.

With all that being said......ahem. 5 evenings and one weekend day would be tough to pull off. I've taught this class probably more than 20 times, and I would certainly have trouble pulling it off in that amount of time. For the most part, I teach it from 9 AM to 10 PM 5 days. 9 am to 5 pm is standard class mix of lab and lecture, then from 6 to 10 there are more intense labs, which are usually highlighted by some type of capture the flag contest that I've created. This seems to work best for that volume of material and level of depth.

Keatron.

famosbrown

Thanks Keatron! We will see...the sad thing about it all is that I've began reading the 2300+ pages, but then I get sleepy...maybe it's just the first module. The evening class is scheduled for 5:30 p.m. to 11:30 p.m., but I've heard it usually goes to at least 1 a.m. at the agreement of the class. No class has disagreed so far I'm told. Should be interesting though. Can't wait!

shednik

famosbrown wrote:

Thanks Keatron! We will see...the sad thing about it all is that I've began reading the 2300+ pages, but then I get sleepy...maybe it's just the first module. The evening class is scheduled for 5:30 p.m. to 11:30 p.m., but I've heard it usually goes to at least 1 a.m. at the agreement of the class. No class has disagreed so far I'm told. Should be interesting though. Can't wait!

That sounds awesome I wish my company would send me to a CEH Class!!

JDMurray

shednik wrote:

That sounds awesome I wish my company would send me to a CEH Class!!

I wish my company would send me to keatron's CEH class!

shednik

JDMurray wrote:

shednik wrote:

That sounds awesome I wish my company would send me to a CEH Class!!

I wish my company would send me to keatron's CEH class!

That would just be a great bonus to it all

famosbrown

Took the course and it was alright...

It was very fast paced and we didn't get to go over all of the tools, but many of them. Our instructor was the target. We used VM's for everything, so the tools that the instructor wanted us to use and demonstrate were already on the computer. It's amazing how many tools are out there and what they do. tehy make it very easy for even a beginner to penetrate a network. Of course the best tools and skills are the ones not known and held by either Black Hats or Grey Hats

.

I didn't know what to expect, but I would classify it as a BootCamp as fast as we went through three thick books in 5 weekday nights and a Saturday. We then had the option to take the test on the last day with the instructor as the proctor. Out of the 15 students, 4 didn't take it because they didn't feel they were ready, and from what I know, 8 passed...including myself. Some of the questions were self explanatory. I also question the course because a lot of what the instructor covered was on the exam and the stuff he kind of skimmed past wasn't. Kind of fishy...it wasn't like he was giving us the question and aswers, but he went over the tools and information that we needed to know. I also tend to highlight things when instructors repeat it, and sure nuff...I found the material I studied was pretty right on.

I passed with an 84, and the exam was 150 questions. I'm definitely going to setup some VM's for testing some of the other tools out. Some of the questions were questions that I remember from Sec+ like Smurf Attacks, IDS, Anti-virus, zombies/bots, trojans, etc., but the new stuff were the actual tools used to defend and utilize the above. Overall an okay class, but I feel robbed...I'm glad I didn't pay for it.

keatron

famosbrown wrote:

Took the course and it was alright...

It was very fast paced and we didn't get to go over all of the tools, but many of them. Our instructor was the target. We used VM's for everything, so the tools that the instructor wanted us to use and demonstrate were already on the computer. It's amazing how many tools are out there and what they do. tehy make it very easy for even a beginner to penetrate a network. Of course the best tools and skills are the ones not known and held by either Black Hats or Grey Hats .

I didn't know what to expect, but I would classify it as a BootCamp as fast as we went through three thick books in 5 weekday nights and a Saturday. We then had the option to take the test on the last day with the instructor as the proctor. Out of the 15 students, 4 didn't take it because they didn't feel they were ready, and from what I know, 8 passed...including myself. Some of the questions were self explanatory. I also question the course because a lot of what the instructor covered was on the exam and the stuff he kind of skimmed past wasn't. Kind of fishy...it wasn't like he was giving us the question and aswers, but he went over the tools and information that we needed to know. I also tend to highlight things when instructors repeat it, and sure nuff...I found the material I studied was pretty right on.

I passed with an 84, and the exam was 150 questions. I'm definitely going to setup some VM's for testing some of the other tools out. Some of the questions were questions that I remember from Sec+ like Smurf Attacks, IDS, Anti-virus, zombies/bots, trojans, etc., but the new stuff were the actual tools used to defend and utilize the above. Overall an okay class, but I feel robbed...I'm glad I didn't pay for it.

I hate to hear you didn't have a great experience. But congrats on the pass!

famosbrown

keatron wrote:

famosbrown wrote:

Took the course and it was alright...

It was very fast paced and we didn't get to go over all of the tools, but many of them. Our instructor was the target. We used VM's for everything, so the tools that the instructor wanted us to use and demonstrate were already on the computer. It's amazing how many tools are out there and what they do. tehy make it very easy for even a beginner to penetrate a network. Of course the best tools and skills are the ones not known and held by either Black Hats or Grey Hats .

I didn't know what to expect, but I would classify it as a BootCamp as fast as we went through three thick books in 5 weekday nights and a Saturday. We then had the option to take the test on the last day with the instructor as the proctor. Out of the 15 students, 4 didn't take it because they didn't feel they were ready, and from what I know, 8 passed...including myself. Some of the questions were self explanatory. I also question the course because a lot of what the instructor covered was on the exam and the stuff he kind of skimmed past wasn't. Kind of fishy...it wasn't like he was giving us the question and aswers, but he went over the tools and information that we needed to know. I also tend to highlight things when instructors repeat it, and sure nuff...I found the material I studied was pretty right on.

I passed with an 84, and the exam was 150 questions. I'm definitely going to setup some VM's for testing some of the other tools out. Some of the questions were questions that I remember from Sec+ like Smurf Attacks, IDS, Anti-virus, zombies/bots, trojans, etc., but the new stuff were the actual tools used to defend and utilize the above. Overall an okay class, but I feel robbed...I'm glad I didn't pay for it.

I hate to hear you didn't have a great experience. But congrats on the pass!

Thank Keatron! I think the expeience was definitley the instructors fault. He doesn't do on the job security everyday, and only knows what he has been taught by ECCI and previous work experience before teaching. He is definitely a lot better at teaching the Microsoft courses.

sprkymrk

Congrats famos.

If I can find the training and a way to afford it, I would like to do this one this year.

Schluep

Congratulations on passing and thanks for the information regarding your experience with the course.

Obviously without violating your NDA, what was your overall view of the exam in terms of difficulty. Was it easier or more difficult than you expected? Were the questions worded well? I am curious since I heard the increased the difficulty a lot with the new version but everyone seems to be passing with high scores.

snadam

good job famosbrown!

Ive always wanted to take this exam. Perhaps I will down the road.

famosbrown

Schluep wrote:

Congratulations on passing and thanks for the information regarding your experience with the course.

Obviously without violating your NDA, what was your overall view of the exam in terms of difficulty. Was it easier or more difficult than you expected? Were the questions worded well? I am curious since I heard the increased the difficulty a lot with the new version but everyone seems to be passing with high scores.

Thanks everyone!!! I still have a nasty taste in my mouth as I felt the instructor focused on the areas that were needed only to pass the exam, but oh well...

the exam was very tough and their were a few questions I actually had to guess on. There were questions where you had to look at some programming code and decipher what type of vulnerability or attack the code would be subject to. In order to answer the question, you would have to understand C or SQL Scripting, etc. You also had to deciper some Hex to see what type of attack is being used, etc., etc. Some of those questions were similar to examples in the courseware, so memorization helped, but some were just impossible without just knowing how to really decipher raw hex and code. There was some math involved as well. It was pretty difficult in my opinion...much more difficult than Security+ in my opinion, but Security+ helped with some of the questions. I don't think I would have passed without taking the course though...that's for sure. I don't think I would have even known how to prepare for those questions, but like I said...I have a bad taste in my mouth as the instructor led you in depth in the areas that you needed to know for the exam, and even gave examples that stuck with you that aided in the exam. Not everyone took the exam, and not everyone passed, but the majority did. My experience taking this course was definitely a bootcamp, and not the same courses I've taken for CompTIA and MOC. The course taught you a lot of cool things, but focused on what you needed to know to pass the exam. The instructor clearly stated that he recommend practicing the tools and going through the workbook on your own time as the course schedule is just too short to reallly teach you everything...maybe that's why they did it bootcamp style...who knows. I'm just glad I didn't pay for it as I would want my money back. I'm sure there will be different experience with different ECCI instructors...especially an instructor who lives and breathe security everyday.

Schluep

Thanks for the follow-up information and congrats again on your pass. I am looking forward to taking this one soon.